Cryptology ePrint Archive: Report 2012/055

Abstract: An anonymous user authentication scheme allows the user and the remote server to authenticate each other, and should preserve user anonymity. In 2011, Mun et al. proposed an enhanced secure anonymous user authentication scheme for roaming service in global mobility networks. They claimed that their scheme was more secure and efficient than others. However, we demonstrate that their scheme is vulnerable to the insider, impersonation, server spoofing, and denial of service attacks along with the efficiency and password issues. Meanwhile, it cannot provide any user anonymity. Thus it is not feasible for the real-life implementation.